I don't see a better way of handling the OpenSSH announcement. More details or a patch would have allowed people to start writing exploits, at least they warned users of an upcoming bug and provided a work around. The OpenSSH team had to communicate with many vendors and eventually the details would have leaked. While debian may have released patched ssh packages right away, how many thousands of users of other vendors out there wouldn't have had a patch? The apache announcement was just a mess though... -Greg > *raises hand* > > Both the Apache and OpenSSH announcements were done poorly, without > any reasonable thought given to the user community. > > They should be taken out and shot ;-) (IMHO). > > -Anne -- ------SupplyEdge------- Greg Hunt 800-733-3380 x 107 [EMAIL PROTECTED]
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
